1. Field of the Invention
The present invention relates to an integrated circuit card for controlling, using key referencing data, access to plural files contained therein.
2. Description of the Prior Art
Conventional integrated circuit cards ("IC cards") typically have a two level logical structure as shown in FIG. 23. The internal memory 200 of the IC card contains a single parent file 201 located in the first level, and plural child files 202, 203 located in the second level. The child files 202, 203 may be used by different applications. The parent file 201 is used by plural applications, and stores common data 204 such as the cardholder's name, address and telephone number, and a global key 205 that is not dependent upon the application. The child files 202, 203 store application-specific data 206, 208 and a local key 207,209. The global key 205 and local keys 207, 209 (collectively the "keys" below) are used to control access to the parent 201 and child files 202, 203, and access to the common data 204 and application-specific data 206,208 is only permitted after the required key has been correctly verified.
The conventional IC card file structure has only two levels, and access control is therefore also limited to these two levels. More specifically, if the global key 205 is correctly verified, the common data 204 as well as the application-specific data 206, 208 can be accessed, and if only a local key 207, 209 is verified, the specific data of the file protected by the verified local key can be accessed.
This file structure presents two problems. First, a file structure having three or more levels cannot be used because the access control method is limited to a two-level file structure. For example, if a grandchild file (not shown in the figures) belonging to one child file 202 is created, the local key 207 may be required to function as a global key for the dependent grandchild files, but this is not possible.
Second, anyone knowing the global key 205 (typically the card issuer) can access the application-specific data 206, 208 without knowing the local keys 207,209. It is therefore not possible to create application-specific files that cannot be accessed by the card issuer, and file security cannot be assured.